i386: TCG + virtiofs fails to boot Fedora/CentOS/OpenSUSE since QEMU v7.2
Host environment
- Operating system: Fedora 39
- OS/kernel version: 6.6.8-200.fc39.x86_64
- Architecture: x86-64
- QEMU flavor: qemu-system-x86_64
- QEMU version: 8.1.3
- QEMU command line:
qemu-system-x86_64 -machine type=q35,memory-backend=mem -smp 1 -m 2G -object memory-backend-memfd,id=mem,size=2G,share=on -accel tcg -cpu max -nographic -nodefaults -kernel <kernel> -chardev socket,id=<sock>,path=<path> -device vhost-user-fs-pci,queue-size=1024,chardev=<sock>,tag=root -append "root=root rootfstype=virtiofs rw <extra-kernel-command-line>" -initrd <initrd>
For a full qemu command line that reproduces the issue, see the reproducer below
Emulated/Virtualized environment
- Operating system: Fedora 39
- OS/kernel version: 6.6.8-200.fc39.x86_64
- Architecture: x86-64
Description of problem
When booting from virtiofs with TCG acceleration, after switch root from initramfs to rootfs, the system crashes horribly, see logs below. The failures only happen when TCG acceleration is used with a virtiofs rootfs. Switching TCG for KVM acceleration or virtiofs for a disk image makes the issue disappear. This has started happening since QEMU version 7.2. Using any qemu version before QEMU version 7.2 works fine. Additionally, it only seems to happen with CentOS Stream, Fedora and OpenSUSE. Using Debian, Ubuntu or Arch Linux, this combination boots fine.
cc @bonzini since you made quite a few changes to TCG acceleration in QEMU v7.2.
Steps to reproduce
git clone https://github.com/systemd/mkosi
cd mkosi
-
bin/mkosi -d fedora -t directory --tools-tree=default --qemu-kvm=no --debug qemu
(this will build an image first so will take a while. Depending on your distribution you might need to installdnf
andbubblewrap
)
Additional information
<initramfs boot logs skipped for brevity>
Welcome to Fedora Linux 39 (Thirty Nine)!
[ 37.137287] systemd[1]: Initializing machine ID from random generator.
[ 37.209193] kauditd_printk_skb: 9 callbacks suppressed
[ 37.209227] audit: type=1334 audit(1704961693.242:45): prog-id=16 op=LOAD
[ 37.210718] audit: type=1334 audit(1704961693.243:46): prog-id=16 op=UNLOAD
[ 37.211491] audit: type=1334 audit(1704961693.244:47): prog-id=17 op=LOAD
[ 37.212766] audit: type=1334 audit(1704961693.245:48): prog-id=17 op=UNLOAD
[ 37.241136] audit: type=1334 audit(1704961693.274:49): prog-id=18 op=LOAD
[ 37.242803] audit: type=1334 audit(1704961693.275:50): prog-id=18 op=UNLOAD
[ 37.244114] audit: type=1334 audit(1704961693.277:51): prog-id=19 op=LOAD
[ 37.245790] audit: type=1334 audit(1704961693.278:52): prog-id=19 op=UNLOAD
[ 37.259849] audit: type=1334 audit(1704961693.291:53): prog-id=20 op=LOAD
[ 37.260072] audit: type=1334 audit(1704961693.292:54): prog-id=20 op=UNLOAD
[ 37.870091] systemd[1]: bpf-lsm: BPF LSM hook not enabled in the kernel, BPF LSM not supported
[ 38.074465] Process 299(false) has RLIMIT_CORE set to 1
[ 38.074793] Aborting core
[ 38.077885] Process 297(false) has RLIMIT_CORE set to 1
[ 38.078066] Aborting core
[ 38.079360] Process 298(false) has RLIMIT_CORE set to 1
[ 38.079516] Aborting core
[ 38.114888] Process 301(false) has RLIMIT_CORE set to 1
[ 38.115072] Aborting core
[ 38.217830] Process 305(false) has RLIMIT_CORE set to 1
[ 38.218038] Aborting core
[ 38.219161] Process 304(false) has RLIMIT_CORE set to 1
[ 38.219337] Aborting core
[ 38.287937] Process 308(false) has RLIMIT_CORE set to 1
[ 38.288169] Aborting core
[ 38.323829] Process 309(false) has RLIMIT_CORE set to 1
[ 38.324045] Aborting core
[ 38.325457] Process 310(false) has RLIMIT_CORE set to 1
[ 38.325811] Aborting core
[ 38.447773] Process 315(false) has RLIMIT_CORE set to 1
[ 38.447934] Aborting core
[ 38.449525] Process 314(false) has RLIMIT_CORE set to 1
[ 38.449768] Aborting core
[ 38.462210] (sd-execu[291]: /usr/lib/systemd/system-generators/systemd-integritysetup-generator terminated by signal SEGV.
[ 38.478826] Process 316(false) has RLIMIT_CORE set to 1
[ 38.479001] Aborting core
[ 42.397416] systemd[1]: Populated /etc with preset unit settings.
[ 42.532156] show_signal_msg: 68 callbacks suppressed
[ 42.535164] systemd[1]: segfault at b0 ip 00007f3ca95074ed sp 00007ffc7aa5f1c0 error 4 in libsystemd-core-254.7-1.fc39.so[7f3ca944c000+135000] likely on CPU 0 (core 0, socket 0)
[ 42.536289] Code: 00 48 89 fb 75 6f c6 87 88 04 00 00 01 48 8b 7f 70 45 31 ed 48 85 ff 75 1e e9 7f 00 00 00 0f 1f 80 00 00 00 00 e8 f3 24 f5 ff <48> 8b 7b 70 41 83 c5 01 48 85 ff 74 66 f6 87 63 04 00 00 01 75 e5
[ 42.543019] systemd[1]: Caught <SEGV> from PID 176.
[ 42.543516] audit: type=1701 audit(1704961698.576:99): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=317 comm="systemd" exe="/usr/lib/systemd/systemd" sig=11 res=1
[ 42.593878] traps: false[318] general protection fault ip:7fcccd942fa0 sp:7ffd528a8020 error:0 in libc.so.6[7fcccd928000+160000]
[ 42.594494] Process 318(false) has RLIMIT_CORE set to 1
[ 42.594831] Aborting core
[ 42.595808] audit: type=1701 audit(1704961698.627:100): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=318 comm="false" exe="/usr/bin/false" sig=11 res=1
[ 42.603224] systemd[1]: Caught <SEGV>, dumped core as pid 317.
[ 42.604202] systemd[1]: Freezing execution.
[ 42.656248] audit: type=1335 audit(1704961698.689:101): pid=1 uid=0 auid=4294967295 tty=(none) ses=4294967295 comm="systemd" exe="/usr/lib/systemd/systemd" nl-mcgrp=1 op=disconnect res=1
[ 42.657685] audit: type=1334 audit(1704961698.690:102): prog-id=14 op=UNLOAD
[ 42.657852] audit: type=1334 audit(1704961698.690:103): prog-id=15 op=UNLOAD
[ 42.658011] audit: type=1334 audit(1704961698.690:104): prog-id=11 op=UNLOAD
[ 42.658201] audit: type=1334 audit(1704961698.690:105): prog-id=12 op=UNLOAD
Edited by DaanDeMeyer